I am trying to test a local website link for a possible XSS attack. Can you please help me look for a solution such that if I add some script tag to the end of the URL under test, it either throws an exception or an alert? For example, if the link under test is https://testmysite/login.aspx, then what kind of script can I append to the URL so that it returns an exception or an alert? I hope that the question is clear. Pardon me if this has already been asked, as I am unable to find the exact problem.

Isn't that more for including in the body of a page? If you want to attack the URL, don't you need ones that take parameters, in which case his example won't be susceptible to it?
– Phil Kirkham, Sep 10 '13 at 20:11

1

I agree. His example doesn't actually lend itself to this vulnerability. But I think his was a made-up example, without an understanding of the issue. Hopefully the link will clear that up.
– Joe Strazzere, Sep 11 '13 at 11:09

Thanks for the answers, guys, and the link is worthwhile, but when I tried to put my site inside the script, the page stays as it is. For example, if I am on the login page and I try to append the script, the page doesn't display any alert or exception. Is that fine? How do we get to know that the page has been attacked?
– khappi, Sep 11 '13 at 15:15

2

Seems you need to do a LOT more reading - the example Joe gave is for a site where part of the page is made up from user input, e.g. a comment; if there is an exploit then a msg box will appear. Please read the link Joe gave.
– Phil Kirkham, Sep 11 '13 at 19:09

Sure Phil. I'll get back in case of issues. Thanks
– khappi, Sep 12 '13 at 4:02
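
The distinction drawn in the comments above, as an added example that is not part of the original thread: a page is only a candidate for reflected XSS when it builds part of its HTML from user input, and whether it is actually vulnerable depends on output encoding. The three handlers, the `comment` parameter and the marker string are constructed for illustration and do not come from the site in the question.

```javascript
// Added example. The handlers below are constructed stand-ins, not the asker's site.
const MARKER = 'probe"<7431>'; // inert marker containing HTML metacharacters

// Encode the characters that let text break out of HTML content or attributes.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

const pages = {
  // Like the login page in the question: nothing from the URL reaches the HTML.
  staticLogin: () => '<html><body><form>Login</form></body></html>',
  // Part of the page is built from user input and written out as-is.
  rawComment: (q) => `<html><body><p>${q.get('comment') || ''}</p></body></html>`,
  // Same page with output encoding applied at the point of writing.
  encodedComment: (q) =>
    `<html><body><p>${encodeHtml(q.get('comment') || '')}</p></body></html>`,
};

// Send the marker in one parameter and report how it comes back in the response.
function classify(render, param) {
  const q = new URLSearchParams();
  q.set(param, MARKER);
  const html = render(q);
  if (html.includes(MARKER)) return 'reflected-unencoded'; // output encoding is missing
  if (html.includes(encodeHtml(MARKER))) return 'reflected-encoded';
  return 'not-reflected'; // the case where the page "stays as it is"
}

// Classify every constructed page using the same parameter name.
function report() {
  return Object.fromEntries(
    Object.entries(pages).map(([name, render]) => [name, classify(render, 'comment')])
  );
}

console.log(report());
```

A `not-reflected` result for one parameter says nothing about other inputs such as form fields, headers or stored data, each of which needs its own check.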